Access-Control-Allow-Origin: https://example.com, https://another-example.com
more_set_headers "Access-Control-Allow-Methods: GET,POST,OPTIONS";
more_set_headers "Access-Control-Allow-Headers: Content-Length,Access-Control-Allow-Origin,Access-Control-Allow-Headers,Content-Type,token,page-key"; # 可以为*，如果开启了允许跨域包含凭证，建议限制header头
more_set_headers "Access-Control-Allow-Credentials: false"; # 是否允许跨域包含凭证，如Cookie、http认证
if ($request_method = OPTIONS ) {
    expires 36000; # CDN缓存
    return 200;
}

Access-Control-Allow-Origin可以设置为动态变量: $origin

跨域策略

results matching ""

No results matching ""